Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1365
Views
5
Helpful
3
Replies

How to use NAM to collect Netflow data

jw1112
Level 1
Level 1

‎06-01-2009 08:54 AM

We have couple of NAM installed on our network, we want to collect layer-2 Netflow data since some of the NAM mod is installed on access layer switch (all of our switches have Sup 32 witch PFC3B card) which don't have a lot of traffic to affect performance.

After we turned on the netflow, we only get broadcast information on the NAM instead of real network traffic, but if we issue command

Show ip cache flow

On the switch which been turned on netflow, we will get real traffic data.

Labels:
0 Helpful
3 Replies 3

luijimen
Cisco Employee
Cisco Employee

‎06-01-2009 10:13 AM

Hi,

Monitoring devices via NetFlow with a NAM module involves 2 steps:

1-Configure the remote device to export NetFlow packets

2-Configure the NAM to accept and monitor the received NetFlow packets.

Step 1 involves configuring the NetFlow version and destination address. Configure it like the following (NAM's default NetFlow port is UDP 3000):

remote(config)#ip flow-export version 5

remote(config)#ip flow-export destination A.B.C.D 3000

Then, configure the following command to export NetFlow data from the interface you desire:

remote(config)#interface FastEthernet1

remote(config-if)#ip route-cache flow

For step 2, you need to do the following in your NAM module:

Go to NAM > Setup > Data Sources > NetFlow > Listening Mode.

Click 'Start'. Once the page refreshes, there should be an entry corresponding to the device exporting the packets.

Select it and click on 'Add'. Type the device's community string in the field and it would be added as a Data Source to the NAM.

Finally, enable the NetFlow monitoring under NAM > Setup > Monitor.

Select the NetFlow and NDE-A.B.C.D entries from the list and make sure to enable ALL checkboxes for both options. Apply any changes if necessary.

Now, NetFlow data will start getting monitored and their results should be shown under NAM > Monitor > *. Make sure to select NDE-A.B.C.D from the list to see its information.

jw1112
Level 1
Level 1
In response to luijimen

‎06-02-2009 05:08 AM

Hi,Luijimen,

Thanks for respons my question.

We have configured our system just like you told, but we only collect broadcase infomation, since the switch we turnd on netflow is an Access switch it does not has router interface configured on it we only configured a Vlan interface(This Vlan is the client Vlan we set up on this switch.

how can we get layer-2 switch flow info export to NAM?

0 Helpful

luijimen
Cisco Employee
Cisco Employee
In response to jw1112

‎06-05-2009 09:06 AM

Hi.

In this case, apply the configuration commands on the VLAN interface, along with the other version and destination commands.

Like the following:

DEVICE(config)#ip flow-export version 5

DEVICE(config)#ip flow-export destination A.B.C.D 3000

DEVICE(config)#int vlan10

DEVICE(config-if)#ip route-cache flow

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents